Page History

...

InCommon is launching an easier method for participants to provide collaborative services for researchers and scholars via their federated identities by reducing the overhead of policy interpretation, inter-institutional agreements and system configuration. This method categorizes service providers (SPs) to simplify the configuration of identity providers (IdPs); the result is that researchers can successfully access SP sites without delay and without contacting their local IDP admin. The newly defined Research & Scholarship (R&S) category will apply to service providers that support research and scholarly activities such as virtual organizations and campus-based collaboration services. Participating IdPs will agree to release a minimal set of attributes to the R&S category with a one-time addition to their default release policies, a simpler and more scalable approach than negotiating such release bilaterally with every service provider.

...

• The service enhances the research and scholarship activities of some subset of the InCommon community.
• The service does not require contracts with IdPs.The service meets the following technical requirements:
  • The SP is a production SAML deployment.
  • The SP's metadata has been submitted to InCommon and published in a human-readable format on the InCommon public web site.
  • The SP refreshes and verifies metadata at least daily.
  • The SP provides an mdui:DisplayName in metadata (one of numerous User Interface Elements).
  • The SP supports the SAML V2.0 HTTP-POST binding (one of numerous SAML V2.0 endpoints in metadata)
  • The SP provides Technical and Administrative contacts in metadata.
  • The SP provides requested attributes in metadata.

...

1. An entity attribute is inserted into metadata.
2. The new R&S SP is added to a web page listing members of the R&S category.
3. An announcement is sent to the announce@incommon.org email list and/or the monthly newsletter.

Implementation Considerations for Service Providers

It is important that the implementation and deployment of all InCommon services facilitate their initial on-boarding processes to avoid operational and technical impediments to adoption, as described in Recommended Practices.

More specifically, R&S services generally have a broad user community, often including people who do not have a close relationship with the Service Provider, nor do those people's IdPs.  For this reason, R&S Service Providers are encouraged to consider the following guidelines:

• The service should not require out-of-band negotiation with IdPs.
• The service should request a subset of R&S Category Attributes, and furthermore, the service should request only those attributes it absolutely needs. (See the section on R&S Category Attributes for details.)
• The SP should fully support SAML V2.0 Web Browser SSO (see the SP Endpoints in Metadata wiki page).
• The SP should provide a complete set of User Interface Elements in metadata. In particular, a Privacy Statement and a Logo are highly recommended.
• In addition to the Technical and Administrative contacts in metadata required of all SPs, a Security contact should also be provided (once that option becomes available).
• The SP should strive to provide a good, overall user experience. In particular, the SP should intelligently handle errors involving the release of requested attributes.

Policy Considerations for Identity Providers

...